Jay's example is a clever use of `web-server` continuations. If I
understand this example correctly, some comments... Note that this
approach requires that the continuation for a survey participant still
be available when the participant clicks the link in their email. If
you use this approach for a survey for which people have hours or days
to respond, you'll probably want to persist the continuations in a
database or file store of some kind (that's longer-lived than the Racket
process, though I don't recall the options `web-server` has for this).
And also not let the framework expire the continuation for a participant
while you're still entertaining the possibility of their participation.
Also, you might not be able to update your server software once the
survey is started, due to the continuations hanging out there.
An alternative is to forget about continuations hanging around, and keep
the random key in database table (such as in PostgreSQL) of the
participants in a survey. You probably are storing some information
about participants and survey responses, anyway, and the key for a
survey is just another attribute in the conceptual data model (e.g., an
attribute of the Participation association/relationship between Person
and Survey, if that's how you model it). You can generate a random key
string for the URL with the `random` procedure and string operations (or
read from a source like "/dev/random" or "/dev/urandom" if higher
security). If users might have to type the key manually, you could make
it all-lowercase ASCII letters (base 26), separated by minus characters
into groups of 3-4 letters, and not too long overall.
Also, you might have to detect and/or thwart attempts to brute-force the
keys, or to at least at some point check the logs for signs of
brute-forcing. Some online surveys tend to get gamed, for
ideological/political/business/amusement reasons; I don't know whether
that's an issue for your particular survey.
Neil V.
--
You received this message because you are subscribed to the Google Groups "Racket
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to racket-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
